0514513dd2c53cb46149cf4d57eb6ff29863f9d5b7d1d8dd122d99a0210dae3b

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0292853e8e5fb47cade7d20275690c9.exe
Size

227KB
MD5

e0292853e8e5fb47cade7d20275690c9
SHA1

4a60c7d277a0fd592c6a8c163752e0b8a6a83858
SHA256

0514513dd2c53cb46149cf4d57eb6ff29863f9d5b7d1d8dd122d99a0210dae3b
SHA512

0bbb195c81b76d6e65c9f1042f2cfc7983c4627c73ff95289cc0c2c144ef5c03a145583102da05ccd299a6198a76cb8131ca35eddbc531c8abd08fc02f489bc3
SSDEEP

6144:KifApVMqplDf/h5O/lBC8+2hyDRlX7llrnz2P4t8oSRV/0:9fk6kDqHw2hmxlrz2HoSRm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2872-0-0x0000000000FB0000-0x000000000104E000-memory.dmp	upx
behavioral1/memory/2872-39-0x0000000002F40000-0x0000000002FDE000-memory.dmp	upx
behavioral1/memory/2460-40-0x0000000000FB0000-0x000000000104E000-memory.dmp	upx
behavioral1/memory/2872-128-0x0000000000FB0000-0x000000000104E000-memory.dmp	upx
behavioral1/memory/2460-129-0x0000000000FB0000-0x000000000104E000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\PROGRA~2\Zona\License_en.rtf	E02928~1.EXE
File created	C:\PROGRA~2\Zona\utils.jar	E02928~1.EXE
File created	C:\PROGRA~2\Zona\License_ru.rtf	E02928~1.EXE
File created	C:\PROGRA~2\Zona\License_uk.rtf	E02928~1.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2620	2872	e0292853e8e5fb47cade7d20275690c9.exe	28
PID 2872 wrote to memory of 2620	2872	e0292853e8e5fb47cade7d20275690c9.exe	28
PID 2872 wrote to memory of 2620	2872	e0292853e8e5fb47cade7d20275690c9.exe	28
PID 2872 wrote to memory of 2620	2872	e0292853e8e5fb47cade7d20275690c9.exe	28
PID 2872 wrote to memory of 2460	2872	e0292853e8e5fb47cade7d20275690c9.exe	31
PID 2872 wrote to memory of 2460	2872	e0292853e8e5fb47cade7d20275690c9.exe	31
PID 2872 wrote to memory of 2460	2872	e0292853e8e5fb47cade7d20275690c9.exe	31
PID 2872 wrote to memory of 2460	2872	e0292853e8e5fb47cade7d20275690c9.exe	31
PID 2872 wrote to memory of 2460	2872	e0292853e8e5fb47cade7d20275690c9.exe	31
PID 2872 wrote to memory of 2460	2872	e0292853e8e5fb47cade7d20275690c9.exe	31
PID 2872 wrote to memory of 2460	2872	e0292853e8e5fb47cade7d20275690c9.exe	31

C:\Users\Admin\AppData\Local\Temp\e0292853e8e5fb47cade7d20275690c9.exe
"C:\Users\Admin\AppData\Local\Temp\e0292853e8e5fb47cade7d20275690c9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:2620
- C:\Users\Admin\AppData\Local\Temp\E02928~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\E02928~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  - Drops file in Program Files directory
  PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
909e21fd9eaea8e75b86d86c848220ff

SHA1
acede5269d3289a815ec2e02a4851a8bbd32ed53

SHA256
2b4cb3caadbf2cec75ea2ee60749ac3774c33bcc88e3f8079420e9471c92d85e

SHA512
191b5475baa8a4d6fad7ebf2a03a1777a6409e5975d3d5de6bb1da430a5f12c7e4666ee39ad41f3d6645bc5fbcf726fe99550dca9c00bc834fd5eb9584380b0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
564221055e924e794724dd28ba56b96c

SHA1
b41278f3a4253bb222f2c97ae312566d411dddc6

SHA256
e5b5749adf5e9ee351de91d14e7f39f7fac670e4612cf35255d99cf1654f9cc6

SHA512
84c32ff2f11e4cfdccae300dab55424b7d969e14834698b6b087565cf91d05f9040e0463d3055ff5d74524930a5b58571097d0c89cfe67957a448eef257db1bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
19580fe977284fc0165c8c6d8175288e

SHA1
16aae425199bb2f1446aae2b5daf8d18c8286b3e

SHA256
3c24c7c468e2554c532fa6551dd41b3d9ce36af49d209f2e08d73422c7d31e18

SHA512
891ac8ef33d0413dded47362c995ebd60411c19715348c972f9044b7d43cab21b208347ace3049b64bef5c94debcb099e387bc2007bcc0f77bf3e548ee4202e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
9KB

MD5
2dd0ba5cab69aac38647fd5bf590a148

SHA1
1514a73690d4283ed42ea5c8afa61266bad7ad48

SHA256
d11805bfed5024e1d210e91a12fd92d9f9a812b8a9750027ac5c54908d3124af

SHA512
1daeb3ac12983a2e267042a949eb4be57031cd838125d2f92de3d90c0600678ec17f47bf545ddcb76326fd18eb434756ac27bbd6001d7d55fbae7fb5c19aea2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
10KB

MD5
d09b5256b5c49b7e292dabf1369f3edd

SHA1
09b6640058b1989e1ad5b5054549f788d2a0d0a9

SHA256
bef8446273daa6c827cbd182e59244bed41ed6b9b66a9bd3c096c0cb78283ce7

SHA512
9c5c2da4b28b138ac839e53433fb170b6c0a6990d7cb100e4ce414f04fa24f40246e6aa501b7c29c0ec2d4f1309e4245d2c094a5b5b9a95eff67fc5b7e4d53d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
01caf339c7997b362b06b26e11211632

SHA1
e98085a1d71b5ad64fec38f7427a086de6e755e3

SHA256
4779045991244802b063d68fda344e31750b3e7f3e7f75d910065500cb024d21

SHA512
097b71bd8ce311d326185f1ab556436e872d8442000176755da135597182ea8d88d363a2d0d6f7fdfeb8ebb9e018bec69a0228247bfb5a811b94654d88c93a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
11KB

MD5
4ada0c2d64e9a2218f6da85e525fc46f

SHA1
fd424707dd1ffb53721aef00c2ae03b4bd54ce0f

SHA256
0aa5074d0884eb3ca7a81dffe21a74299fc8c128c01d1b2d1006cd09b931f4bd

SHA512
8712b7decd76880df8cf9a5a1781fb684d461ae47766fa213970170f87d14a6ab7e211929481092788ad285b3a684456034404d80679a3e50ddda9574d937ef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
12KB

MD5
00f9afca7ef992bdd8ef2efcaba16163

SHA1
ca53c310c987aa82e17061fb5119220a125d9e62

SHA256
572022dec6cf3a0c31d48b5f6fb446acc70cc00eb76ae8bad1b1792269d00b8a

SHA512
3f435d1e5fefafd41e160e13b8f8a55cc6ee21012cbf1dd61f5b2ef3f86444494a61385bc8a25920ae056f87fdca12278b9b8d93480daa556a6f286c63dfe314

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
7c5417d856ee1d2853e44f6613ccc2bc

SHA1
d3d98ef2e99bdbef2ba1d9071ce0bc37803c9215

SHA256
5ea4e2832230c2614b319cd60f06f053ecbd56349b772e3b8e722dad4c0f8c96

SHA512
bd6bf97e71e14a6441a56bb6036607270c5a646c146955f28dbfb854e13acf93015694f0ed9f0ced1ca1663d65b0ce4ed4d388872ec2a87fb1287ac25d859d0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
2c52dc2d3dcc9a7af96134d4bd41e021

SHA1
eb5773b734f2123195f35c02fc60a8a5a2370042

SHA256
0d4f90a8c4036e7ada15a63dc09fb5b11eb08dbc6e603bb359c22311720e422e

SHA512
4d14880543c72851d0419c9f945bc56cf34e8965cc371e46ae875bfeaf52f1852b461b1f2031dd01f5f23a018c121c8d254249500fa71be9429eff8f03c8264a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
4KB

MD5
5570ea17b87f3ecc6a641da864645215

SHA1
e3a31048661f4b770f8d7722553cf2a78c0115a6

SHA256
3d5b2d9e999f488451095ff6fc9dd5a9b8da2e96beb5d91af268d462c8da58c5

SHA512
9bd78a3dd0940b57c2d1f994ed495184125f8d038b6de8524c1917a768df5e3f46344c0568928f32bcc47b5d6df778d5edc03a396ce749ecf4e8ee808c0ac943

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
5KB

MD5
3db81da0df06e6fa5a3ac553f20d890e

SHA1
674b39aa7027beb563be29a1d673e9ed37678860

SHA256
e3fc99602394a7c332fdbc845fc776d7185e8f9b713bd87662116194ac4ca454

SHA512
3733ec2faee13bd87d34e1d079eda28fc8120870dfe16c1d0a0e5c26c8ef22a4d436a19e1684f36c761852d1a5c61e1ee201efea94f9a9fddb6c010f6eb44947

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
0d2ee92881c8f8fb8361305ebbaff501

SHA1
5840c73f922376582b998a8abfa3994167c241ad

SHA256
1bd084ea3f6eda19222c42d2e8de602918036448cc35f0361de8549a655dc60a

SHA512
a5e36d654207aeb8539dabe74b794dd67217fa6a14c8357c8c6bd4fb5561cbe90a34fc8ebccffaa9f383fe53b8d8f46bd27e6c6dc37e70da1023645f83a6cd2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
6KB

MD5
412d63c985fb8adfebe2f387e90ffc66

SHA1
2025e4fdcb01592a1aacb2666b72b2cc37d32959

SHA256
14afd8e5a84ada2771098e67e5b8c629c6bbb32395671c866b10e1d686b13d55

SHA512
747d4e7cfeb34ef5453f044130da37fb9e80d4778c0306097807029e54711397955e679f41d97c1acc1863610861732096157b899950e6273cdb9307fcf478b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
8KB

MD5
451e8a342abdd47329f193b8fe28afb6

SHA1
cc60021fd783013ce6668f1395c17f292feb0955

SHA256
8382b73a655041fc43a53bc84b20a5ca091af0ac8e7adbaf65af397113294122

SHA512
3cf723bca4c56b32c1ab55c46a2624c19afdd8666efd527df1cd8c58ae375ae158e47e28c07faf10263370724cb9bdf2276ff544a09ce4551f1ee2a1e94da0aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\tmp\133559629357174000jre_packed.exe

Filesize
153B

MD5
a53e183b2c571a68b246ad570b76da19

SHA1
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13

SHA256
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

SHA512
1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be

Download Submit
memory/2460-129-0x0000000000FB0000-0x000000000104E000-memory.dmp

Filesize
632KB

Download
memory/2460-40-0x0000000000FB0000-0x000000000104E000-memory.dmp

Filesize
632KB

Download
memory/2872-128-0x0000000000FB0000-0x000000000104E000-memory.dmp

Filesize
632KB

Download
memory/2872-0-0x0000000000FB0000-0x000000000104E000-memory.dmp

Filesize
632KB

Download
memory/2872-39-0x0000000002F40000-0x0000000002FDE000-memory.dmp

Filesize
632KB

Download
memory/2872-194-0x0000000002F40000-0x0000000002FDE000-memory.dmp

Filesize
632KB

Download